Controlled Software Rollouts for Enterprise Requirements πŸš€

After intensive development work, OpenClaw v0.4.5 is here β€” with features previously only found in enterprise tools like SCCM or Intune: Rollout Strategies and Maintenance Windows.

What’s New?

🎯 Rollout Strategies

Not every software deployment should be β€œYOLO’d” to all devices at once. With v0.4.5, you have four strategies to choose from:

Strategy Description Use Case
Immediate All devices at once Hotfixes, non-critical updates
Staged In waves (e.g., 10 devices, 60 min pause, next 10) Larger rollouts with risk mitigation
Canary Test on 1-3 devices first, then manual approval Critical updates, new software
Percentage 10% β†’ 30% β†’ 50% β†’ 100% Gradual increase with observation time

πŸ• Maintenance Windows

Deployments in the middle of the day during productive hours? Not anymore with Maintenance Windows:

  • Define time windows: e.g., 22:00 - 06:00
  • Select weekdays: Mon-Fri, weekends only, etc.
  • Per group or node: Different windows for servers vs. clients
  • Deployment option: β€œOnly run in maintenance windows” checkbox
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  πŸ• Maintenance Window: "Server Night Window"           β”‚
β”‚  ═══════════════════════════════════════════            β”‚
β”‚  Time:  22:00 - 06:00                                   β”‚
β”‚  Days:  Mon Tue Wed Thu Fri                             β”‚
β”‚  Target: Group "Production Servers"                     β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

πŸ”’ RBAC Now Complete

The Role-Based Access Control system from the last release is now production-ready:

  • 4 system roles: Admin, Operator, Viewer, Auditor
  • JWT authentication for all frontend pages
  • API Keys for automation & integrations
  • Audit Log β€” who did what, when

πŸ§ͺ Improved Test Coverage

36 Playwright E2E tests now cover all critical user journeys:

  • Login/Auth Flow
  • Navigation
  • Node Details
  • Deployments
  • Groups & Packages

Technical Details

Backend (FastAPI)

New endpoints:

GET/POST /api/v1/maintenance-windows
GET/PUT/DELETE /api/v1/maintenance-windows/{id}
GET /api/v1/maintenance-windows/check/{node_id}

GET /api/v1/rollout-strategies
POST /api/v1/deployments/{id}/rollout
GET /api/v1/deployments/{id}/rollout
POST /api/v1/deployments/{id}/rollout/advance

Frontend (Next.js)

  • New page: /settings/maintenance-windows
  • Deployment dialog extended with rollout strategy selector
  • Configuration UI for each strategy

Installation / Upgrade

Server

cd openclaw-windows-agent
git pull
systemctl --user restart openclaw-inventory.service

Windows Agents

Agents with AutoUpdater will receive v0.4.5 automatically within an hour. Manual installation:

irm https://raw.githubusercontent.com/BenediktSchackenberg/openclaw-windows-agent/main/installer/Install-OpenClawAgent.ps1 | iex

What’s Next?

  • E4-17 to E4-20: Package Catalog UI is done, Version Editor coming
  • Compliance Reporting: Which devices meet security policies?
  • Multi-Tenant: Different organizations in one instance

OpenClaw is Open Source (MIT License). Contributions welcome! 🦎